CVE-2024-12378

Published: May 8, 2025Modified: May 12, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: psirt@arista.com (Secondary)

Description

On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113

Source: psirt@arista.com

Timeline

No history available yet.